[CentOS] Iptables issues again

Mon Jul 13 15:49:50 UTC 2009
Bo Lynch <blynch at ameliaschools.com>

I know that I have asked this before of the list. However, we just changed
ISP and IPs and I'm having this issue again. I have a Linux firewall
using iptables with the following config:
eth0 = WAN 1
eth1 = LAN 1
eth2 = WAN 2

I'm trying to forward all traffic that makes a request from eth2 to an
internal IP on eth1.

These are the following rules that I have set up.
# NAT: map each service port on the WAN 2 address to the same port on the internal host
iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 80 -j DNAT --to-destination 192.168.1.3:80
iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 5071 -j DNAT --to-destination 192.168.1.3:5071
iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 407 -j DNAT --to-destination 192.168.1.3:407
iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 1417 -j DNAT --to-destination 192.168.1.3:1417
iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 1418 -j DNAT --to-destination 192.168.1.3:1418
iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 1419 -j DNAT --to-destination 192.168.1.3:1419
iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 1420 -j DNAT --to-destination 192.168.1.3:1420
iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 7880 -j DNAT --to-destination 192.168.1.3:7880
iptables -t nat -A PREROUTING -p tcp -i eth2 -d 69.21.103.132 --dport 443 -j DNAT --to-destination 192.168.1.3:443
iptables -t nat -A PREROUTING -p udp -i eth2 -d 69.21.103.132 --dport 407 -j DNAT --to-destination 192.168.1.3:407
iptables -t nat -A PREROUTING -p udp -i eth2 -d 69.21.103.132 --dport 1417 -j DNAT --to-destination 192.168.1.3:1417
iptables -t nat -A PREROUTING -p udp -i eth2 -d 69.21.103.132 --dport 1418 -j DNAT --to-destination 192.168.1.3:1418
iptables -t nat -A PREROUTING -p udp -i eth2 -d 69.21.103.132 --dport 1419 -j DNAT --to-destination 192.168.1.3:1419
iptables -t nat -A PREROUTING -p udp -i eth2 -d 69.21.103.132 --dport 1420 -j DNAT --to-destination 192.168.1.3:1420
iptables -t nat -A PREROUTING -p udp -i eth2 -d 69.21.103.132 --dport 7880 -j DNAT --to-destination 192.168.1.3:7880
# Filter: accept the translated packets on their way from eth2 to the internal host
iptables -A FORWARD -p tcp -i eth2 -d 192.168.1.3 --dport 80 -j ACCEPT
iptables -A FORWARD -p tcp -i eth2 -d 192.168.1.3 --dport 5071 -j ACCEPT
iptables -A FORWARD -p tcp -i eth2 -d 192.168.1.3 --dport 407 -j ACCEPT
iptables -A FORWARD -p tcp -i eth2 -d 192.168.1.3 --dport 1417 -j ACCEPT
iptables -A FORWARD -p tcp -i eth2 -d 192.168.1.3 --dport 1418 -j ACCEPT
iptables -A FORWARD -p tcp -i eth2 -d 192.168.1.3 --dport 1419 -j ACCEPT
iptables -A FORWARD -p tcp -i eth2 -d 192.168.1.3 --dport 1420 -j ACCEPT
iptables -A FORWARD -p tcp -i eth2 -d 192.168.1.3 --dport 7880 -j ACCEPT
iptables -A FORWARD -p tcp -i eth2 -d 192.168.1.3 --dport 443 -j ACCEPT
iptables -A FORWARD -p udp -i eth2 -d 192.168.1.3 --dport 407 -j ACCEPT
iptables -A FORWARD -p udp -i eth2 -d 192.168.1.3 --dport 1417 -j ACCEPT
iptables -A FORWARD -p udp -i eth2 -d 192.168.1.3 --dport 1418 -j ACCEPT
iptables -A FORWARD -p udp -i eth2 -d 192.168.1.3 --dport 1419 -j ACCEPT
iptables -A FORWARD -p udp -i eth2 -d 192.168.1.3 --dport 1420 -j ACCEPT
iptables -A FORWARD -p udp -i eth2 -d 192.168.1.3 --dport 7880 -j ACCEPT
# (The posted config then appended every FORWARD rule above except the tcp/80 one a second time.
#  A repeated -A only creates an identical entry behind a rule that already ACCEPTs, so the
#  second copies are not listed again here.)
# Outbound: let the internal host initiate connections out WAN 2, source-translated to the WAN 2 address
iptables -A FORWARD -i eth1 -o eth2 -s 192.168.1.3 -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.1.3 -o eth2 -j SNAT --to-source 69.21.103.132
# Stateful rules. The posted config gave each of the next two both with and without "-t filter";
# filter is the default table, so each pair is the same rule twice.
iptables -A FORWARD -o eth2 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth2 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p tcp -i eth2 -o eth1 -d 192.168.1.3 -m multiport --dports 80,443 -m state --state NEW -j ACCEPT

I'm sure it's something I'm doing wrong. Any help would be greatly
appreciated.
Thanks
-- 
Bo Lynch
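The ruleset described in the message, consolidated into a script, as an added example that is not part of the original post or of any reply to it. Interfaces, addresses and ports are the ones the post gives; the eth2 gateway (WAN2_GW, shown as an RFC 5737 placeholder), the mark value and the routing-table number are assumptions. The post does not say where its traffic stalls, so the return-path section is a caveat for two-WAN boxes in general, not a diagnosis: conntrack reverses the DNAT on replies from 192.168.1.3 in POSTROUTING, after the routing decision, so with only the main table's default route those replies leave via eth0. Run the script with no argument to print the commands; "apply" runs them as root.

```shell
#!/bin/sh
# Added example, not from the post: generate (and optionally apply) the
# WAN 2 -> LAN 1 port forwards for eth2 = WAN 2, eth1 = LAN 1.
WAN2_IF=eth2
LAN_IF=eth1
WAN2_IP=69.21.103.132
WAN2_GW=${WAN2_GW:-203.0.113.1}   # ASSUMPTION: eth2 next hop, not given in the post
TARGET=192.168.1.3
TCP_PORTS="80 443 407 5071 1417 1418 1419 1420 7880"
UDP_PORTS="407 1417 1418 1419 1420 7880"
MARK=2            # ASSUMPTION: mark meaning "connection arrived via WAN 2"
RT_TABLE=2        # ASSUMPTION: routing table whose default route is WAN 2

# One DNAT rule plus one FORWARD accept per protocol/port. Matching on the
# public address keeps the forward tied to WAN 2 even if eth0 later forwards
# the same port somewhere else.
forward_port() {
    proto=$1; port=$2
    echo "iptables -t nat -A PREROUTING -i $WAN2_IF -p $proto -d $WAN2_IP --dport $port -j DNAT --to-destination $TARGET:$port"
    echo "iptables -A FORWARD -i $WAN2_IF -o $LAN_IF -p $proto -d $TARGET --dport $port -m state --state NEW -j ACCEPT"
}

gen_filter_nat() {
    # Return traffic for forwarded and outbound connections, both directions.
    echo "iptables -A FORWARD -i $WAN2_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN2_IF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $TCP_PORTS; do forward_port tcp "$p"; done
    for p in $UDP_PORTS; do forward_port udp "$p"; done
    # New outbound connections out WAN 2 only from the forwarded host. The
    # post's "-o eth2 --state NEW" rule without -s admits every LAN host.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN2_IF -s $TARGET -m state --state NEW -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $WAN2_IF -s $TARGET -j SNAT --to-source $WAN2_IP"
}

# Return-path caveat: the reply from 192.168.1.3 is routed while its source
# is still 192.168.1.3 (reverse DNAT happens in POSTROUTING), so a plain
# "ip rule from 69.21.103.132" never matches it. Mark connections that arrived
# on eth2, restore the mark on their reply packets, and route marked packets
# through a table whose default route is eth2.
gen_return_path() {
    echo "iptables -t mangle -A PREROUTING -i $WAN2_IF -m state --state NEW -j CONNMARK --set-mark $MARK"
    echo "iptables -t mangle -A PREROUTING -i $LAN_IF -m connmark --mark $MARK -j CONNMARK --restore-mark"
    echo "ip route replace default via $WAN2_GW dev $WAN2_IF table $RT_TABLE"
    echo "ip rule add fwmark $MARK table $RT_TABLE"
    echo "ip route flush cache"
    # Strict reverse-path filtering on eth2 drops inbound packets whose source
    # the main table would route via eth0, before any iptables rule runs.
    echo "sysctl -w net.ipv4.conf.$WAN2_IF.rp_filter=0"
    echo "sysctl -w net.ipv4.ip_forward=1"
}

gen_all() { gen_filter_nat; gen_return_path; }

# Check the generated set without root: number of lines matching a pattern.
count_rules() { gen_all | grep -c -- "$1"; }

if [ "$1" = apply ]; then
    gen_all | sh -e          # needs root; sh -e stops at the first failing command
else
    gen_all                  # dry run: print what would be executed
fi
```

The dry run is the useful first step: diff its output against `iptables-save` on the box to see which of the posted rules actually loaded, and check `cat /proc/sys/net/ipv4/conf/eth2/rp_filter` before blaming the filter rules for packets that never reach them.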